SANS InfoSec Reading Room - Protocols

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 30 papers as of May 24, 2013
PDF Analyzing Polycom® Video Conference Traffic
By: Chris Cain (posted on April 16, 2013)
Most businesses and hospitals have relied on videoconferencing (VC) hardware to perform meetings, interviews, presentations or even tele-medicine procedures for many years.
PDF Analyzing Network Traffic With Basic Linux Tools
By: Travis Green (posted on November 16, 2012)
When examining network traffic, one may examine the packets individually with Tcpdump, or reconstruct it with sophisticated and sometimes expensive tools.
PDF A Complete Guide on IPv6 Attack and Defense
By: Atik Pilihanto (posted on March 19, 2012)
Based on RFC 791, “the internet protocol is designed for use in interconnected systems of packet switched computer communication networks.
PDF Using SNORT® for intrusion detection in MODBUS TCP/IP communications
By: Javier Jimenez Diaz (posted on December 19, 2011)
Not long ago, analog and purpose-built communications systems used to be prevalent technologies on industrial plants. It wasn’t common to find either interoperability or compatibility among them. In the 70s, communication networking began to be used in Direct Digital Control (Berge Jonas, 2004).
PDF Using SSL to Secure LDAP Traffic to Microsoft Domain Controllers
By: Andrew Reid (posted on September 21, 2011)
When deploying application servers there is often a choice to be made regarding the authentication of user credentials. In most cases this is to use an internal account database or an LDAP directory such as Microsoft Active Directory Domain Services.
PDF Scoping Security Assessments - A Project Management Approach
By: Ahmed Abdel-Aziz (posted on June 7, 2011)
Security assessments can mean different things to different people. This paper will explore what a security assessment is, why it should be done, and how it is different than a security audit.
PDF OS and Application Fingerprinting Techniques
By: Jon Mark Allen (posted on September 27, 2007)
PDF Well It's About Time
By: Vance Rider (posted on January 19, 2005)
This document describes the role time plays in a networked environment. Specifically it introduces the reader to the Network Time Protocol (NTP) and how it is used to synchronize computer clocks together via a hierarchical master slave relationship in a secure manner.
PDF The Next Internet Privacy in Internet Protocol Version 6 (IPv6)
By: Kevin Scott (posted on June 9, 2004)
This paper addresses the aspect of privacy relating to Internet Protocol version 6 (IPv6). It analyzes both the security features implemented in IPv6 as well as privacy-relevant concerns of capabilities implemented within IPv6 such as automatic configuration.
PDF Applying the OSI Seven Layer Network Model To Information Security
By: Damon Reed (posted on January 11, 2004)
Data networking is a critical area of focus in the study of information security. This paper focuses on reviewing a key area of data networking theory - The Open Systems Interconnect (OSI) Seven Layer Network Model.
PDF Monitoring The ARP Protocol On Local Area Networks
By: David Fuselier (posted on January 11, 2004)
This document is a research paper on how to use the ARP protocol to monitor local area networks.
PDF Understanding Instant Messaging (IM) and its security risks
By: Sujata Chavan (posted on November 5, 2003)
This paper provides an overview of IM technology, vulnerabilities and related security issues.
PDF SSL and TLS: A Beginners Guide
By: Holly McKinley (posted on October 31, 2003)
This paper particularly serves as a resource to those who are new to the information assurance field, and provides an insight to two common protocols used in Internet security.
PDF Is The Border Gateway Protocol Safe?
By: Sargon Elias (posted on October 31, 2003)
This paper is about the security issues of organisations that are planning to run their own Border Gateway Protocol (BGP) router to provide a redundant internet connection. This paper includes the following sections: description of the scenario, a brief description of IP and interdomain routing, the risks when using BGP, mitigation steps and future developments.
PDF Security Measures to couple mixed IPv4/IPv6 Networks over a pure IPv6 Infrastructure by making Use of NAT-PT
By: Thorsten Brikey (posted on October 31, 2003)
The scope of this paper is to present a European test installation where NAT-PT is used to couple national networks over an IPv6 backbone.
PDF A Look at Automatic Protocol Generation & Security Protocols
By: Boris W. Vassall (posted on October 31, 2003)
This paper will attempt to describe automatic protocol generation, and security protocols. Automatic Protocol Generation, APG for short, is a mechanism to generate security protocols automatically.
PDF Securing Time - The Autokey Protocols
By: Robert H. Palko (posted on October 31, 2003)
This paper investigates the authentication protocols used with NTP-V4.
PDF IP Security Protocol-based VPNs
By: Eddie Younker (posted on October 31, 2003)
IP Security Protocol (IPSec) defines a set of protocols and cryptographic algorithms for creating secure IP traffic sessions between IPSec gateways as discussed in this paper.
PDF Digging Deeper Into TCP/IP
By: Leah Wilson (posted on October 31, 2003)
This paper takes a close look at TCP/IP as a reference for the security professional.
PDF Securing FTP Authentication
By: Mike Gromek (posted on October 31, 2003)
This paper discusses File Transfer Protocol, or FTP, an industry standard method of data exchange between computers, addresses some security concerns and offers several different approaches to these concerns.
PDF SNMP Alert 2002: What is it all about?
By: Brad Beckenhauer (posted on October 31, 2003)
This paper provides a brief history of Simple Network Management Protocol (SNMP) and discusses the tools and information that can be used to test for SNMP vulnerabilities and increase security on your networking infrastructure.
PDF Your Greatest Strength can become your Greatest Weakness: Simple Network Management Protocol Vulnera
By: Amy Geiger (posted on October 31, 2003)
This paper will discuss some of the major vulnerabilities discovered in SNMP and their potential impact as well as some of the major vendors affected by these vulnerabilities and possible solutions and alternatives that can be implemented to protect systems from these vulnerabilities.
PDF Understanding Security Using the OSI Model
By: Glenn Surman (posted on October 31, 2003)
This paper will provide a breakdown of the OSI (Open Source Interconnection) model, and using that model, explain some well-known vulnerabilities.
PDF Securing an Anonymous FTP Server in Solaris 8 with WU-FTPD
By: Mansel Bell (posted on October 31, 2003)
This paper will present one method of securing an anonymous FTP server in a UNIX environment.
PDF Border Gateway Protocol -The Language of the Internet
By: Yvonne Tracy (posted on October 31, 2003)
This paper is an examination of Border Gateway Protocol.
PDF Security Features in IPv6
By: Penny Hermann-Seton (posted on October 31, 2003)
This paper will present an in-depth view of the new security features in Internet Protocol version 6 (IPv6), namely the use of the Authentication Header and Encapsulating Security Payload (ESP) Header and examine how these security features can prevent certain types of network attacks.
PDF The Real Cost of Free Programs such as Instant Messaging and Peer-to-Peer File Sharing Applications
By: Sigrun Grabowski (posted on October 31, 2003)
This paper discusses specific technical details and security risks of the four most popular Instant Messaging clients as well as several peer-to-peer file sharing programs and examines specific threats that are present for both these types of programs.
PDF SNMP and Potential ASN.1 Vulnerabilities
By: Edmund Whelan (posted on October 31, 2003)
This paper briefly describes the SNMP protocol, with emphasis on the underlying ASN.1 notation, discusses the vulnerabilities identified by Oulu and demonstrates the Oulu Protos SNMP testing tool.
PDF Mobile IPv6
By: Sudha Sudanthi (posted on October 31, 2003)
The purpose of the paper is to familiarize you with the Mobile IPv6 standard, its use, and associated security concerns.
PDF IPv6 Deployment in Malaysia: The Issues and Challenges
By: Raja Azlina Raja Mahmood (posted on April 4, 2002)
This paper examines the prominent features of IPv6 in detail, discusses IPv6 deployment around the world, and studies some of the transition mechanisms available today.